Use WsFederation in ASP.NET Core 2.0
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.StaticFiles;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.WsFederation;
using System.Xml.Linq;
using System;
using Microsoft.IdentityModel.Tokens;
using System.Xml;
using System.Xml.XPath;
using System.Linq;
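public class Startup
{
    private const string SamlMetadataNs = "urn:oasis:names:tc:SAML:2.0:metadata";
    private const string XmlDsigNs = "http://www.w3.org/2000/09/xmldsig#";

    /// <summary>
    /// Creates the startup class. ASP.NET Core injects the application configuration,
    /// which supplies the ADFS:* settings read in <see cref="ConfigureServices"/>.
    /// </summary>
    /// <param name="configuration">Application configuration (appsettings, environment, user secrets, ...).</param>
    /// <exception cref="ArgumentNullException"><paramref name="configuration"/> is null.</exception>
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration ?? throw new ArgumentNullException(nameof(configuration));
    }

    /// <summary>Application configuration; the ADFS:MetadataAddress, ADFS:Wreply and ADFS:Wtrealm keys are read from it.</summary>
    public IConfiguration Configuration { get; }

    /// <summary>
    /// Populates <see cref="WsFederationOptions.Configuration"/> from a SAML 2.0 federation metadata
    /// document: the issuer (entityID), the passive sign-on endpoint and the IdP's token-signing certificates.
    /// </summary>
    /// <param name="o">The WS-Federation options being built.</param>
    /// <param name="metadataAddress">HTTPS URL or local file path of the federation metadata document.</param>
    /// <exception cref="ArgumentNullException"><paramref name="o"/> is null.</exception>
    /// <exception cref="InvalidOperationException">
    /// The address is missing or uses a scheme other than https/file, or the document lacks an
    /// EntityDescriptor, entityID, SingleSignOnService or signing certificate.
    /// </exception>
    private static void ApplyMetadata(WsFederationOptions o, string metadataAddress)
    {
        if (o is null)
        {
            throw new ArgumentNullException(nameof(o));
        }

        if (string.IsNullOrWhiteSpace(metadataAddress))
        {
            throw new InvalidOperationException("ADFS:MetadataAddress is not configured; it must point at the IdP's federation metadata document.");
        }

        // The metadata's own ds:Signature is not verified here, so every signing key trusted below
        // comes from whatever answers at this address. Refuse plaintext HTTP so an on-path party
        // cannot substitute keys; local files (dev) and HTTPS are accepted, relative paths are left to XDocument.
        if (Uri.TryCreate(metadataAddress, UriKind.Absolute, out var metadataUri)
            && !metadataUri.IsFile
            && metadataUri.Scheme != Uri.UriSchemeHttps)
        {
            throw new InvalidOperationException($"ADFS:MetadataAddress must use https (got scheme '{metadataUri.Scheme}').");
        }

        if (o.Configuration is null)
        {
            o.Configuration = new Microsoft.IdentityModel.Protocols.WsFederation.WsFederationConfiguration();
        }

        // XDocument.Load uses XmlReader defaults, which prohibit DTD processing, so an
        // external-entity payload in the metadata is rejected rather than resolved.
        var metadata = XDocument.Load(metadataAddress);
        var ns = new XmlNamespaceManager(new NameTable());
        ns.AddNamespace("saml", SamlMetadataNs);
        ns.AddNamespace("digsig", XmlDsigNs);

        var addedKeys = 0;
        var signingCertElements = metadata.XPathSelectElements(
            "//saml:IDPSSODescriptor/saml:KeyDescriptor[@use='signing']/digsig:KeyInfo/digsig:X509Data/digsig:X509Certificate",
            ns);
        foreach (var certElement in signingCertElements)
        {
            var certBytes = Convert.FromBase64String(certElement.Value);
            var cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(certBytes);
            o.Configuration.SigningKeys.Add(new X509SecurityKey(cert));
            addedKeys++;
        }

        // Fail at startup rather than at the first sign-in with an opaque "no security keys" token-validation error.
        if (addedKeys == 0)
        {
            throw new InvalidOperationException("Federation metadata contains no signing certificate under IDPSSODescriptor/KeyDescriptor[@use='signing'].");
        }

        var entityDescriptor = metadata.XPathSelectElement("//saml:EntityDescriptor", ns)
            ?? throw new InvalidOperationException("Federation metadata contains no EntityDescriptor.");
        o.Configuration.Issuer = RequiredAttribute(entityDescriptor, "entityID");

        // The first listed SingleSignOnService is used, as before; ADFS lists the passive endpoint first.
        var ssoService = metadata.XPathSelectElements("//saml:IDPSSODescriptor/saml:SingleSignOnService", ns).FirstOrDefault()
            ?? throw new InvalidOperationException("Federation metadata contains no IDPSSODescriptor/SingleSignOnService.");
        o.Configuration.TokenEndpoint = RequiredAttribute(ssoService, "Location");
    }

    /// <summary>
    /// Returns the value of the single attribute with the given local name (any namespace).
    /// </summary>
    /// <param name="element">Element to read from.</param>
    /// <param name="localName">Local name of the attribute.</param>
    /// <returns>The attribute value.</returns>
    /// <exception cref="InvalidOperationException">The attribute is absent or occurs more than once.</exception>
    private static string RequiredAttribute(XElement element, string localName)
    {
        var attribute = element.Attributes().SingleOrDefault(a => a.Name.LocalName == localName);
        if (attribute is null)
        {
            throw new InvalidOperationException($"Federation metadata element '{element.Name.LocalName}' lacks required attribute '{localName}'.");
        }

        return attribute.Value;
    }

    /// <summary>
    /// Registers cookie and WS-Federation authentication. Unauthenticated requests are challenged
    /// at ADFS; the identity returned by ADFS is persisted in the cookie scheme.
    /// </summary>
    /// <param name="services">The application's service collection.</param>
    /// <exception cref="ArgumentNullException"><paramref name="services"/> is null.</exception>
    public void ConfigureServices(IServiceCollection services)
    {
        if (services is null)
        {
            throw new ArgumentNullException(nameof(services));
        }

        services.AddAuthentication(options =>
            {
                options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
            })
            .AddCookie()
            .AddWsFederation(o =>
            {
                // TODO: Eventually WsFederation will correctly parse metadata. Once it does, this line and the ApplyMetadata method can be removed.
                // e.g. https://adfs.foo.com/federationmetadata/2007-06/federationmetadata.xml
                ApplyMetadata(o, Configuration["ADFS:MetadataAddress"]);

                // Your app's URL, e.g. https://localhost:44301/signin-wsfed in dev and the FQDN in prod. Must end with signin-wsfed.
                o.Wreply = Configuration["ADFS:Wreply"];

                // Your app's realm: the Relying Party Trust's identifier, often urn:rpname:adfs.foo.com.
                o.Wtrealm = Configuration["ADFS:Wtrealm"];

                // These settings wire up User.Identity.Name and roles. YMMV.
                o.TokenValidationParameters.NameClaimType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier";
                o.TokenValidationParameters.RoleClaimType = "role";
            });

        // ...All your usual services
    }

    // ...All your usual config
}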
@vsmkrishna

Hi, how do I call ApplyMetadata, or when does it get called?

@danroot

danroot commented May 27, 2020

line 54.

@vsmkrishna

Hi, thanks — I did not see it.

@vsmkrishna

Hi danroot,
I am trying to integrate ADFS with .NET Core 2.2. I was able to integrate Startup.cs, but I do not understand how to authenticate the ADFS logged-in user at the action level. If you can help, that would be great.
Thanks,
vsmk
